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ABSTRACT 


Two structural tests for random number generators of 
the Lehmer congruential type are discussed. They are 
known now to be essentially equivalent but are formulated 
incorrectly and the computational algorithms to implement 
the nee are unnecessarily complicated. New algorithms 


for these tests will be sketched. 
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Pre KOU UCTLON 


Pewitstony sor GigGital computing 1s characterized by 
the near exponential progress in hardware, operating sys- 
tems, programming languages, and numerical computing algor- 
ithms. In contrast, the science of pseudo-random number 
generation has virtually stood still for the last twenty 
five years in spite of literally hundreds of publications 
on the subject. 

D. H. Lehmer proposed the linear congruential scheme 
for the generation of pseudo-random numbers on a digital 
computer in 1951. This scheme has been the singularly most 
popular method ever since. Recently, feedback shift-register 
methods have been proposed for pseudo-random number generation 
but they have not achieved as widespread use. 

It is essential to recognize the fact that neither method 
produces truly “random" numbers by any definition of random- 
ness. Consequently, a great deal of effort has been invested 
in examining the sequences produced by random number genera- 
tors to establish whether they meet statistical tests for 
randomness for relatively short samples. Given that a 
generator has "passed" an acceptable battery of statistical 
tests, its sequence is considered adequate for use in simulation 
experiments. 

An elaborate collection of statistical tests has been 


developed over the years and Knuth [Ref. 8] provides an 





excellent discussion of these tests. They are, however, not 
sufficient for certifying the quality of a generator. The 
report by Learmonth and Lewis [Ref. 9] attests to this fact 
in that for certain generators known through use to be poor, 
the statistical tests were not conclusive in identifying 
their weaknesses. 

The recent work on testing Lehmer congruential random 
number generators has concentrated on characterizing the 
entire periodic sequence. The two tests proposed, which are 
essentially similar, are the lattice test and the spectral 
test. These tests provide deterministic rather than statis- 
tical criteria for rating the quality of the sequences. 

The thesis to be examined here is that although these 
two tests are a significant advance in the testing of Lehmer 
congruential random number generators, they are formulated 
incorrectly and the computational algorithms to implement 
the tests are unnecessarily complicated. 

It will be shown that the proper space in which to 
characterize finite periodic sequences is an algebraic group 
rather than the space of the natural numbers or the real 
line as has been previously assumed. The development to 
follow will concentrate on the class of primitive root/prime 
modulus random number generators which form a more general 
algebraic system, a finite field. 

The special properties of finite field arithmetic will 


be developed and several new theorems will be presented 





regarding primitive roots of prime fields. Using these 
properties of finite fields, the structure of linear con- 
gruential sequences on finite fields will be examined. 

The conventional lattice and spectral tests will be 
defined and their algorithms outlined. These two tests 
will then be recast for finite field assumptions. New 
algorithms will be sketched as potential replacements for 
the lattice and spectral tests. 

While the surface will only be scratched, the underlying 
theory presented will form the basis for future research 


in random number generator testing. 





Pewee l ore LE LDS 


[mechs Section, 1t is intended to make a critical 
reevaluation of the assumptions underlying the mathematical 
characterizations of linear congruential sequences. Both 
the spectral test of Coveyou and Macpherson and Knuth and 
the lattice test of Marsaglia and Ahrens and Dieter makes 
the very important assumption of an infinite sequence of 
integers. As will be shown, for the spectral test this 
aoSuMoieton 1S Critical for the development of the equidis- 
tribution properties of linear congruential sequences. 
Although the lattice test does not require this assumption, 
it is inherent in the development of the computational 
algorithm. 

Abandoning this assumption and using the more appro- 
priate assumption of a finite sequence, it will be seen that 
both the theoretical as well as computational development 


will be considerably more clear and concise. 


eo oN lr FLELDS 

The integers resulting from the linear congruential 
equation defining a random number generator from an alge- 
braic group. A group is defined as a set of elements upon 
which is defined a binary operation called multiplication 
with the following properties: 

1. the operation is closed, that is if a and b are 


elements of the group then c = ab is also in the group; 





2. the operation is associative, that is 
ayoec) = (abjec  ; 


3. there is an identity element in the group, usually 
denoted by the integer 1 such that la = a holds for every 
element a of the group; 

4. for each element a of the group there is an inverse 
denoted a5 such that at a=l. 

The residues which are relatively prime to a general 
modulus m under the operation of multiplication modulo m 
form a group as defined above. When the group operation is 
MolLetolicatiom,. ene group 1s called a multiplicative group: 
Similarly, an additive group may be defined with the group 
operation being addition. The inverses in the multiplicative 
group fill the role of division. For additive groups, the 
inverse is subtraction and the identity element is 0, l.e., 
a+0O2= a. In either case, if the group operation is also 
commutative, ab = ba or a + b=b) +a, the group is given 
another adjective, Abelian. 

To recapitulate, for a random number generator 


X =a Xe (mod m) where m is composite, the integer residues 


itl 
form a finite Abelian multiplicative group under the opera- 
tion of modulo multiplication. For the present case the 

residues of the random number generator Keay =a Xs (mod p), 


where p is prime, form a more general algebraic system, 


10 





Specoum oGalty wiey form a finite field. A field is a gener- 
alization of a group wherein the group operations of addition, 
subtraction, multiplication, and division are all defined 
either as group operations or their respective inverses. 

Tt is the arithmetic properties of finite fields that 


will reveal the structure of the linear congruential sequences. 


Eee Yt ENEITE FIELD ARITHMETIC 

Given a finite field as the algebraic structure on which 
the residues from the random number generator are defined, 
1t remains to examine how the ordinary arithmetic operations 
work in this system. 

Modulo addition works as would be expected. In ordinary 
addition over the integers, the only solution to the equation 
a+x= 01s x = -a. In finite field arithmetic over the 
positive integers the solution is given by another positive 
integer called the additive inverse. For example, in the 
finite field formed by the prime 17, the additive inverse 


of the integer 3 1s not -3 but 14 
3+ 14 = 17 = 0 (mod 17) 


Therefore x = 14 satisfies a + x = 0 in this finite field. 
Modulo multiplication also works as in conventional 
arithmetic. The multiplicative inverse, which plays the role 

of a divisor is somewhat differently defined. In ordinary 


arithmetic over the integers the solution to ax = 11s 


ia 





uniquely x = l/fa = ae in finite field arithmetic, the 


role. of 2 is taken by another positive integer in the 
field. Again referring to the field formed by the prime 
i7,) the solution to 3 x = 1is x = 6, i.e., 3 x 6=18 =1 
(mod 17). Therefore a = 6 in this field. 

Although subtraction and division are defined as the 
inverses of the field operations of addition and multipli- 
cation, the algebra of equations over the finite field 
becomes more difficult. The absence of negatives makes 
solutions to simple equations such as 3 - x = 7 impossible. 

Since the labelling of the field elements as positive 
integers was arbitrary, it 1s possible to relabel the ele- 


ments more conveniently. One such relabelling, is as 


follows, 
i iE L lL 
{- 5x (p-1) a x (p-3) po eee =; O, Pe ec ee 5x (p-3) ’ x(p-1) 


Here the elements previously labelled with integers greater 
than (p=) are mapped into their additive inverses which 
are less than or equal to (p-1) and of opposite algebraic 
Sign. For instance, in the field formed by the prime 17, 
the positive integer 14 is mapped into the element -3. This 
mapping preserves the additive inverse of 3 since 

3 + (-3) = 0 as required. This new notation will be called 


the primitive mark notation. 


nz 





Cee RLMITIVE ROOTS 

Before examining the structure of linear congruential 
sequences, it will be instructive to examine primitive roots 
of primes in the context of finite fields. As previously 
indicated, for the type of random number generators to be 
examined here, namely the primitive root/prime modulus type, 
the multiplier is required to be a primitive root to guar- 
antee a full period. In finite field terminology primitive 
roots are termed generators of the field. 

The term generator derives from the finite analogy of a 
generating function. Any primitive root of the prime finite 
field may be used in defining the generating function on 
the finite field. The term primitive root also has the very 
special connotation of primitive root of unity. A primitive 
root serves for a finite field the same special properties 
that the primitive root of unity exp {27ik} serves for the 
complex field. In fact, the (infinite) field of complex 
numbers is the only other field which possesses a primitive 
mOOtLTOL UNnLtY. 

While it is known that every prime possesses at least 
one primitive root, the only other significant fact that 
number theory offers is that each prime p contains precisely 
@O(p-1) primitive roots. Here $¢(p-1) is Euler's totient 
function which is defined to be the number of integers less 
than and relatively prime to (p-l). When constructing a 
primitive root/prime modulus random number generator the 


greatest problem lies in discovering a primitive root of the 


Ae 





given prime. The procedure usually followed is to use a 
trial and error technique on small integers and then to 
apply the definition of a primitive root to verify if the 
number is in fact primitive. This actually is not an easy 
task since showing that p-l is the least positive exponent 
Buca that ae = 1 (mod p) requires considerable computation. 
Tables do exist listing several primitive roots for some 
primes and this is a great help. Knowledge of one primitive 
root provides a rather easy method for finding others. A 
simple, but potentially very lengthy algorithm for finding 


all the primitive roots of a given prime is as follows. 


Egor it nm ae 


Al. Factor p-l into its prime factors. (A sieve 
method may be used.) 

A2. Select a known primitive root, say a; set k = l. 

A3. Divide k by each of the prime divisors of p-l. 
If any of the prime divisors divides k evenly, 
i.e., no remainder, then ac is not a primitive 
root, go to A4. Otherwise print a as a 
primitive root. 

A4. If k is greater than or equal to p-2, stop, all 
primitive roots have been found and printed; 


otherwise k = k+l, go to A3. 


Viewing primitive roots as generators of the finite field 
of characteristic p, it is possible to use the properties of 


finite fields to discover further knowledge about other 


14 





primitive roots. All finite field elements may be represen- 
ted as power residues of a primitive root of the field, that 
1s, every element may be represented as as (Hed sat Ora 
unique k. The multiplicative inverse of any finite field 


element is found easily using the following lemma. 


Lemma 1: The multiplicative inverse of a finite field 


element (not necessarily a primitive root), Pe (mod p), is 


Ge> Lyk 


Simply a (mod p). 


Proof: aka (Prl)-k 2 4k, (pl) -k 


ia(mod =p) 


(p-1) 


Since a 1 (mod p) by definition of a primitive root. 


Q.E.D. 


This lemma leads to the following theorem concerning the 


multiplicative inverses of primitive roots. 


Theorem 1: If ais a primitive root of the prime p, then 


ee ee 


its multiplicative inverse a (mod p) is also a 


primitive root. 


Proof: The multiplicative inverse of ais, by Lemma l, 


“lL. ,(prl)-l . ,(p-2) 


a =a (mod p). 


i 2 


To show that a ~ = alee (modo ms co pilin btlVcwneec-not ne. 


it must be shown that (p-1) is the least positive exponent 


Such that 
es 





ee eee ee) ee nod 


Hence, 


(a7 (P-L) = (g(r 2) s (p-l) J (p-2)p .-(p-2) 
See yea) seers 
= i at q~ (P72) 
Boo?) eee) 
= el) (mod spire 
Assume eee =i (med p>) wilt 0 < gq < (p=l))) then 
(a\Pe) 7G = g'P-DG 2-4 = oF (mod p) 


Applying Lemma l again 


ee ete ened p) 


If a * is congruent to 1 modulo p this would imply eae ee 
1s also congruent to l and this contradicts the assumption 
that a is itself a primitive root, 1.e., (p-l) is not the 


least positive exponent such that Ae =e (OG Vp) ae Oe Eee 
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Tf the multiplicative inverse of a primitive root is also 
a primitive root then it would be logical to examine additive 
inverses. Unfortunately the case for additive inverses is 
somewhat more restrictive. To examine the additive inverses 
of primitive roots it is necessary to separate the primes 
into two classes, specifically the classes p = 1 (mod 4) 
and p = 3 (mod 4) for primes p > 2. It is trivial to see 


that these are the only two classes into which the primes 


maul modulo 4. 


Theorem 2: If ais a primitive root of the prime p > 2, 
then the additive inverse of a is also a primitive root of 


eeelteana only 1f p = 1 (mod 4). 


Proof: In the unambiguous notation of primitive mark repre- 
sentation, the additive inverse of a primitive root a is 
-a. To show that -a is a primitive root of p when p = 1 (mod 4), 


ee ee OS SZ (5) = 1 (mod vp). 


To show that -a is not a primitive root of p when p = 3 (mod 4), 


(-a) (P71) (mod 4) = ea = ac Sil, (Gites je) = 


Since it was assumed that awas a primitive root of p, the 
qeovercontmadicks Ehe primitivity of a, 1.€., p-l 1s not the 
least positive integer such that ae! = 1 (mod p) for 


primes p > 2. Osh... 


Ii 





The two theorems just presented offer some insight into 
the distribution of primitive roots over a prime finite field. 
Theorem 2 is particularly instructive when considering the 
field integers in their primitive mark representation. Know- 
ing that the additive inverses are also primitive roots for 
certain primes, the $¢(p-l) primitive roots are distributed 
symmetrically about the origin at 0. Considering again the 
finite field formed by the prime (17 = 1 (mod 4)), there 


are $(16) = 8 primitive roots distributed as follows: 


The respective multiplicative inverses are indicated. 

For the case of primes p = 3 (mod 4), the situation is 
less appealing. Since the additive inverses are not primitive 
roots, the symmetry is lost. There is no particular pattern 


to the distribution of the primitive roots or their 


multiplicative inverses. 


eS 





IIL. STRUCTURE OF LINEAR CONGRUENTIAL SEQUENCES 


The attempts to characterize the sequences emanating from 
linear congruential random number generators recently have 
focused on structural representations. The lattice test im- 
poses a grid on the generated n-tuples of points and charac- 
terizes the sequences in terms of the lengths of the sides of 
the smallest n-dimensional hypercube which can be constructed. 
The spectral test, which can be shown to be a variant of the 
lattice test, views the n-tuples as forming waves of hyper- 
planes and characterizes the sequence bythe "frequency" of 
these waves. 

Marsaglia [Ref. 9] attempted to expose more of the repeti- 
tive structure of the generated sequences. Three new theorems 
will be presented here to further characterize the structure 
of these sequences. By exploiting the primitive mark notation 
for finite fields more insight will be gained. These new 
theorems will then be contrasted with Marsaglia's work, lead- 
ing to a redevelopment of the lattice test and spectral 


test. 


A. THE FUNDAMENTAL SUBSEQUENCE 

It is known that the period of a primitive root/prime 
modulus random number benerator is (p-l). Using the positive 
integer representation for the elements of the finite field, 
the sequence appears to have full period. The following 
theorem will establish the existence of a more fundamental 


half sequence. 


eo 





Theorem 3: The sequence of (p-l) integers generated by a 
primitive root/prime modulus random number generator, when 
expressed as primitive marks, consists of a fundamental sub- 
sequence of length $(p-1). This fundamental subsequence is 
followed by a replicate subsequence identical to the first 
except for opposite algebraic sign. These two subsequences, 
each of length >(p-1) constitute the effective period of 


length (p-l). 


Proof: Without loss of generality, let the sequence begin 
with Xo = 1, then xX, = a, the primitive root multiplier. in 
general, the eh element is xX, = ae (mod p). After generating 


=(p-1) elements of this sequence, the next integer element 


1s 
=(p-1) 
x = 2 (mod p) . 
=(p-1) 
2 
Now, by definition of a primitive root, oe = 1 (mod p), 
therefore 
a 
= D> ee a 
x6 = (a° » = alP71) = 41 (mod p) . 
5(p-1) 
This implies that xy = £71 (mod ») 2] in, tace, 
=(p—L) 
xy ae mod pf (the primitive mark representation of 
abe) 


(S-1)). Since it is known that each integer appears once and 
only once in the sequence and +l appeared as Kor therefore, 
beginning with element x4 , the same fundamental subsequence 


ee 
of primitive marks repeats with opposite algebraic sign. Q.E.D. 


20 





For illustration, consider the following example using 


the prime modulus 17 and primitive root 3. 


ees 405-6 7 “6 * “10 “1 “Io “ia “14 “ieee 


Positive 

i MeCmIQNNIS 5 15 1116 14#8 #7 4 #«~ 2 "omnem 
Stowe nm cmon =? =A. 5 =2 -6 =] -3 8 7 4 = 9 gnu 
mark 


FIGURE 3.1 X,,, = aX, (mod p); a= 3, p=17 
For the lattice test, the consequences of this theorem 
are not particularly important. The grid formed by the lattice 
of n-tuples is very easily constructed using very few n-tuples 
and its regularity is apparent without having to generate the 
entire sequence. For the spectral test, however, the ffect 
would be a folding of the sequence onto itself. 
The next theorem relates the properties of multiplicative 
inverses to the resulting sequence generated by primitive 


root/prime modulus random number generators. 


Theorem 4: In the primitive root/prime modulus random number 
generator Xe) =a x, (mod p), replacing the multiplier a by 

its multiplicative inverse, at, results in a generated sequence 
which is precisely the reverse of the sequence generated by 


ro 


Ze 





Proof: The sequence produced by X.44, =a Xx, (mod p) starting 


with Xo =lis X: = {l, a, ee) J sone a 'PF+) ; (mod p). 
The sequence produced using the inverse at Starting with 
Muoeeee Xs = fivete “), (a *)7, 232, (at) PO) (at PY) 
(mod p). By definition of a primitive root, a ‘P- 4) = 1 (med ap) 
therefore, 
e : ea ee 
= * = xX — = e 
Js XG (p-1) a lL (mod p) 
Similarly, 
Ce Seem (Doe eee 1 
a xy spe 2) a =a a ZF a (mod p) 


By induction, for the general element X*, the corresponding 
element of X is oe ecncenn cane 


pe k = Se 10) = a ese = hoes eee = ae Ginterel je) 


Ore Dre 


Clearly, the sequence generated when the multiplicative in- 
verse is substituted, is precisely the reverse of the one 
generated using the original primitive root. Application of 
Theorem 3 will reveal that the fundamental subsequences are 
reversed also. 

Essentially, substituting the multiplicative inverse for 
the primitive root multiplier causes the random number generator 


EQurin backwards.” 


Ze 





For the special case of prime moduli such that 
p = 1 (mod 4), substituting the additive inverse for the 
primitive r-ot multiplier results in further interesting 


properties of the sequence as the following theorem 


demonstrates. 
Theorem 5: In the primitive root/prime modulus generator 
Keay =e Xs (mod p), where p = 1 (mod 4), replacing a by 


its additive inverse, -a, results in a generated sequence 

with every odd numbered element of the sequence replaced by 
its additive inverse. Expressed in primitive mark notation, 
the fundamental subsequences are the same as for the multi- 
plier a except that the odd numbered elements have opposite 


algebraic sign. 


Proof: Without loss of generality, let the sequence 


Keay =a x. (mod p) begin with Xo = 1, then the generated 
sequence is 

hm = {i, a, a’, Ora ie oe (mod p) 

(pL) 
It was shown in the proof of Theorem 3 that a = =| (mod pe 
7(p-1) +1 > -1) 
hence a2'‘P a a2\P a =-laz= -2 (mod p) . That is, 
oe is the additive inverse of a. The sequence 
* = _ * , ’ , x = 

generated by XP el = (-a) x? (mod p) beginning with XG A: 
1S 

Kt: = (1, (-a), (-a)*,..., (-a) ‘P7*), (-ay ‘P71)} (mod p). 


ZS 





The elements ea for k even is X* are obviously equal to 
the elements oe in X. The elements eae tom Koda, thaeeas, 
the odd numbered elements of X* are the additive inverses 


of the elements aS in X in primitive mark notation, 


ae bao) a’ - a’ = 0 (mod p) 
The second part of the theorem follows directly from Theorem 


Bre Q.E.D. 


Where Theorem 4 showed how to reverse the sequence using the 
multiplicative inverse, using the additive inverse effects 


a "half shuffle" of the sequence. 


B. MARSAGLIA'S THEOREMS 

Marsaglia [Ref. 9] disucssed the idea of a "fundamental 
sequence" for the third generator X, 1) =ona! X. + b (mod m) 
where m is composite. This theorem will be presented here 


and then contrasted with Theorem 3. 


Theorem 6 (Marsaglia [Re£. 9]): The choice of b and the 


starting value Xo are of no consequence for the generator 


x = a X, + b (mod m), in the sense that 1f Xs Xi Xos 


itl 
»~». 1S any sequence generated by Xeay =a A b (mod m) and 
aie ae Yas ue is the fundamental sequence 0, l, lta, 


0! at ecse 
Z 


l+at+a’, ..., generated by Yaad = 2 Ys + 1 (mod m), then 


there are constants V and W such that x. = V Y; + W. In 


24 





tace, Vv = X, (a-1) + b and W = Xo Thus the sequence of the 


form. xX; a X. +) Dino d IM). wl cine 


[eee and b arbitrary (includ- 


0 
ing b = 0) may be obtained from an affine transformation of 
the fundamental sequence. 

In addition, if the multiplier a is relatively prime to 
X with 


m, then the period of the sequence X X 


OS eee = 
Keay =a Xs + b (mod m) is the period of the fundamental 
sequence for modulus m/d where d = gcd {m, XQ (a-1) + b}. 
(End of theorem). 

For the case of the primitive root/prime modulus genera- 


tor, m= p, a prime, a is a primitive root of p, and b = 0. 


With no loss of generality, for Xo = 1 


dad = gcd {p, (a-l)} = 1 


Since (a-l) and all other integers less than or equal to 
(p-l1) are relatively prime to p. Therefore the period of 
this fundamental sequence is theperiod of the sequence for 
p/d = 1 or (p-1) as is already known. The sequence generated 
by Keay =a Xs (mod p) can be put simply into one-to-one 
correspondence with the sequence {4} in the theorem. In the 
case of the primitive root/prime modulus generator, Marsag- 
lia's theorem is completely uninstructive, and by using 
positive integer notation, it actually misses the existence 


of the fundamental subsequences of Theorem 3 which uses 


primitive mark notation. 


Za 





Marsaglia provides another theorem which attempts to 
uncover more detail about his fundamental subsequences. It 


1s presented here. 


Theorem 7 (Marsaglia [Ref. 9]): Let a be relatively prime 
to the modulus m and have multiplicative order+ t. Then 


the fundamental sequence: 
2 


Yoo= 0) Y. = 1, Y,= l+a, Y3 =O a coma ey 


el lta Y, (mod m) (i) 
is made up of a block {B} = {Yq Yas ora Y,-43} OL © disemnce 
residues of m, followed by translates of that block {B}, 


{Btc}, {B+2c}, ... where c = ltata“+ .., taft7}) 


(mod m). 
The period of the sequence (1) is tr, where r is the additive 


Peder On Cc; r= m/gcd {c,m}. 


Applying this theorem to the primitive root/prime modu- 
lus case where m= p, a prime, b = 0, and ais a primitive 
mOoGgmeOr ~, Lt 1S clear that t = (p=-1) by definition of a 
primitive root. Therefore, Marsaglia's fundamental sequence 
is made up of a block {B} = {Yo. Yas er ¥ (p-2) } of the 
(p-1) distinct residues of p,i.e., the sequence constitutes 


one block of length (p-1l). For the additive order of c, 


iMultiplicative order is defined as the least positive 
integer t such that a~ = 1 (mod m) when gcd {m,a} = l. 
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2 (p~2) Bae 


c=lt+at+a +...+a (mod p) = ££ a-~ (mod p) 
j=0 
(p~1) 
1 - 
- 152 (nod 2 
= Q;> 


r = p/ged {0,p} = p/p = 1 and tr = (p-l). 


As in the case of Theorem 6, this theorem provides no 
information. Theorem 3 offers much more insight into the 
structure of the linear congruential sequence. The recog- 
nition of the finite field and using primitive mark notation 
provide the basis for the redevelopment of the lattice test 


and spectral test. 


2 





iV.) LoS BART Ch Trot 


The use of the lattice test is a fairly recent develop- 
ment even though its proposal as a means of characterizing 
linear congruential sequences goes back at least twelve 
years. Franklin [Ref. 6] first observed the hyperplane 
structure of n-tuples from a linear deterministic sequence. 
He was concerned, however, with infinite sequences. Jans- 
son's book [Ref. 7] reiterated the usefulness of the lattice 
and alluded to its possible use with finite, periodic se- 
quences. He did not provide an algorithm or any computational 
results. 

Marsaglia's famous paper [Ref. 10] focused widespread 
attention on the hyperplane structure of the sequences pro- 
duced by congruential generators. Papers by Beyer, Roof, 
and Williamson [Ref. 4] and Smith [Ref. 13] published the 
first algorithms and computational results. 

Recent results on the lattice structure of popular gen- 
erators come chiefly from the later paper of Marsaglia 
[Ref. 9] and the as yet unpublished book by Ahrens and 
Dieter [Ref. 2]. Both of these references contain compu- 
tational algorithms for performing the test. It is the 
difficulty of implementing these algorithms on a digital 


computer which inspired the work to follow. 
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A. THE ALGORITHMS 

The current algorithmic implementations of the lattice 
test will now be described with emphasis on the assumptions 
made. Marsaglia's algorithm, BEST2, will be discussed first. 

In n-dimensional space, it is assumed that a set of 
points by, bo, tbsene oe exist such that all points in the 
Space are integral multiples of them, that is, 

{xr,b 


l + rob, sees oe ren Tyrlor seer TL OF Op + 2 eee, 


constitutes the set of all points spanned by b b b 


ee We eoeegs n° 


These points then form a lattice in n-space. 


The points b bo, eres Do are actually n-vectors so that 


l! 
when viewed as rows of a matrix they form a basis for the 
points in n-space. Any set of n linearly independent vectors 
forms a basis for the points generated by the linear con- 
gruential generator. The objective of the lattice test is 
to start with an initial basis and reduce it through elemen- 
tary row operations to a so-called optimal basis. The 
characterization of the sequence is given by the ratio of 
the longest side to the shortest side of the optimal hyper- 
cube defined by the reduced basis vectors. 

Ideally, all of the points in n-space will be generated 
so that the optimal lattice basis will have all sides of 
length one and a unit cell volume of one. Since a linear 


congruential generator produces only p points in n-space 


where p is the modulus of the generator, the unit cell volume 
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will be oye HOr a(qoed Generator, thesracio of longese 


to shortest side will be close to one, indicating a sem- 
blance of regularity of distribution of the points. An 
ad hoc rule is to summarily reject any generator whose side 
ratio 1s greater than two. 

A natural starting basis for the case of n = 2 is given 


by the vectors 


(1,a) and (0,p) 


where p is the modulus of the generator. These basis vectors 


are derived as follows: 


Xs 44 = ax; - kp 


X a Xe 


j+1 J 
for some integers k and l, so 


Vee epee eee arg eles Ge ara) 


(%5 6X5 47 i’ *i+l 


where L is the integral distance between Be and X.- In 


basis vector form (XX 44) = (X, ,X ) = itl pa) Gla) 07 p) 


J 
hence the vector difference between any two generated points 


ioe 


is the sum of integral multiples of the two basis vectors 
(l,a) and (0,p). This form of a starting basis can naturally 


be generalized to an n-dimensional basis. 
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Marsaglia formalizes this basis concept with a theorem 


for the lattice in 3-space. 


Theorem 8 (Marsaglia [Ref. 9]): Let Ayr Agr seey ain be 


the set of points in 3-space of the form (X55 ar Xs 49) 
where the X's are reduced residues of some modulus m gen- 
erated by the congruential generator Xs 41 =a Xs +o ned emer 
‘There is no restriction on the integers c, a, or m. If the 
point b = (0, c, act+tc) is subtracted from each of these 
points, then the resulting points, a,-b, a5-b, eee a,7P 

all lie on a lattice with unit cell volume m*, generated by 
the 3 points (1, a, a“), (0, m, 0) and (0, 0, m). 

The generalization to higher dimensions is straight- 
forward; for example, in 4-space, if b = (0, c, actc, a“C+actc) 
is subtracted from each of the points of the form (Xs, Keays 
), then the resulting a,-b, 


Be = Dy ses; a Ocean 
m 


eet 3 i a, 
lie on a lattice with unit cell colume m> generated by the 
Mpoimmes (1, a, a-, a’), (0, m, 0, 0), (0, 0, m, 0) ana 
“oreo, 0, mM) . 

For comparative purposes, this initial basis is of no uSe. 
The object of the lattice test is to employ elementary row 
operations on the rows of the initial basis, or unimodular 
transformations to the basis matrix, to acquire an optimal, 
or nearly optimal, basis which can be used to compare 
gener acOrs, 


To this end, Marsaglia [Ref. 9] offers the following 


algorithm. 


on 





Algorithm BEST 2 


Given two points a = (a,1a5, ees a) and b = (Dy, bo, tel 0 
b,,) in n-space 
Bl. If b is shorter than a, interchange b and a. 
B2. Replace b by b - La, where L is the integer closest 
ES 
abo aa) = Sa.b./Za.~ 
per Le 

B3. If the new b is longer than a, stop. Otherwise, go 


to step Bl. 


BEST2 starts with the initial basis vectors defined 
above. Upon termination, the first row contains the shortest 
reduced basis vector and the last row contains the longest 
reduced basis vector. The ratio of these two basis vectors 
characterizes the lattice produced by the generator in 
question. 

To further understand the implementation of the lattice 
test using BEST2, Marsaglia [Ref. 9] gives the following 


example for the case of n= 4. 


Algorithm N 
Nl. Start with a basis ays Aor Agr ay ordered in terms of 


increasing (Euclidean) length |a,| < |a,| < |a3| < |a,|- 


For the congruential generator T(X) = ax + b (mod m), 
Pesctemis (1, a, a-, a-)y. (0, my lOO), (Op mOvmmymOne 
UO: OF 0, mm) 


32 





ize epply the BEST2 algorithm to a a, then to a 


ie a2 a 
Chen co <a 


ae 


then to aye 2! 3 3! ay then to 


Aar ay. If these 6 applications of BEST2 do not change 


ay then to a a 
any of Ayr Agr Agr ay then stop. Otherwise order the 
new basis and repeat this step until the 6 applications 
Of BEST2 produce no change. 

ieee te >| < |b < |b. | < |b,| is the basis on which 6 
applications of BEST2 have no effect, use the ratio 
r= Ib,|/|b, | to characterize the lattice. A ratio r 
near 1 means a good lattice and a large r means a bad 
lattice. Typically, good lattices have r < 2 while 


r > 3 might be defined as a bad lattice. 


The implementation just presented has become popular for 
implementation on digital computers. Later in this section, 
the inherent computational problems of this algorithm will 
be pointed out. 

In Marsaglia's own terminology the repeated application 
of the BEST2 algorithm results in a nearly optimal basis. 

In certain cases it arrives at the optimal, or fully reduced 
basis. In certain cases it arrives at the optimal, or fully 
reduced basis. Preceeding the work of Marsaglia, Beyer, 
Roof, and Williamson [Ref. 4] formulated an algorithm for 
obtaining the optimal, fully reduced basis. They approached 
the problem of obtaining the basis which would yield shortest 
vector lengths as a problem in the solution of positive 


definite quadratic forms. In his work on the theory of the 


eye 





geometry of numbers, the famour German mathematician 
Minkowski established criteria for fully reduced basis 
vectors. Ahrens and Dieter [Ref. 2] also use the Minkowski 
theory in developing their algorithm which will now be 
presented. 

A great deal of preliminary definitions and lemmas are 
necessary to adequately establish reduced bases in the 
Minkowski sense. They will not be repeated here but the 
algorithms themselves will be presented to indicate the 
computations necessary for achieving reduced bases. 

Ahrens and Dieter propose two algorithms, one for the 
Gacemor two dimensions and one for the cases 2 <n < 62 
It should also be noted that full reduction of the basis 
vectors in the Minkowski sense has only been proven for 
Mmoeeoocetne cases nN = 5 and nm => 6 the sutficiency of 
Minkowski's criteria has not been proven and for the cases 
n > 6 no criteria exist. 

For the two dimensional case the following algorithm 
produces a Minkowski reduced basis for the lattice of a 


linear congruential sequence. 


Algorithm MB2. 


Mil. Set i=l = 2, and s = Q. 


a 

mec 

M2. Set m= IS + ee ene 

Mee, £fE ms 0, go to M5. 

M4. Set s = stl. If s = 2, go to M7, otherwise go to M6. 


M5. Set b. = b. - mb. ands = Q. 
J J L 
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M6. Interchange the values of i and j. Go to M2. 


M7. If |b,| > |b,|, interchange b, and bo. 
M8. Return the Minkowski basis bys bo. 
It is assumed that by and bo are an initial basis as 


in the Marsaglia algorithm. In step M2, the bracket notation 
represents a truncation to the next smallest integer value. 
Products such as (bby) represent ordinary vector dot products. 
Full reduction in the cases n = 3 to n = 6 requires an 
auxiliary table, CA! of 5560 coefficients. These may be 
precomputed and stored or they may be computed within the 
algorithm as they are required. The algorithm for these 


cases is as follows. 


Algorithm BMi. 





BM1. Sort the b, such that |b, | < |b5| ES |b | Sewers tS ee : 
BM2. Search for an expression 
m= [= + (b.b.)/(b.b.)] 
Z A) es 
which is not zero. If no such n exists, set k = 4 
and go to BM4. 
Euog Set Bs = Ds - m af lle the order and go to BM2. 
BM4. Set j =n and v= fone where the c, constitute the 
hen set Of soetficictl in the table Cae 
BMSico Lf C. = 0 or if the greatest common divisor d = (cs, 
sees. 7 cL) is not l set j = j-l and restart this step. 


(The test of d is easy since d # 1 occurs in only four 


possible cases.) If wee baba: Gove wre 
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BM6. If k points at the last vector in the table Co 
Gmc, 1f5k — 26, 80, 402, 4952 for n = 37-4, 5, 6) 
go to BM8. Otherwise set k = k+l and go to BM4. 

BM7. Set b, = v restore the order |b,| < |b5| < --- < |b. | 


and go to BM2. 


BM8. Return the Minkowski basis b b b 


1’ Por cree Be 
The table, a, is used to insure that there remain no 
unimodular transformations which will further reduce a given 
pair of basis vectors. In many cases the basis vectors can- 
not be further reduced. Here the Marsaglia algorithm and 
the Ahrens and Dieter algorithm would stop at identical bases. 
The Ahrens and Dieter algorithm proceeds, however, when 
further reduction is possible. Ahrens and Dieter offer no 


theory indicating which multipliers require the additional 


Minkowski reduction. 


B. COMPUTATIONAL IMPLICATIONS 

Both algorithms just presented are not so complicated 
that a programmer would have difficulty coding them for exe- 
cution on a digital computer. Ahrens and Dieter provide a 
fairly straight forward method for constructing the table of 
coefficients, Cae Marsaglia has provided examples of his 
own algorithm worked out, ostensibly by hand, for some two 
dimensional cases. 

The real problems arise when it is realized that except 
for very small moduli, existing digital computers cannot 
express the values which arise during the course of the 


algorithm's execution. 
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In detailing the algorithms, no mention was made of 
reducing the integer values by the modulus. In fact, in 
the initial basis the modulus appears as the only non-zero 
element in n-1 of the basis vectors. The first vector simi- 
larly contains successively higher powers of the multiplier 
which can be assumed to eventually exceed the modulus in 
magnitude. 

The modulus for a random number generator is typically 
chosen to be a value very close to the word size of the host 
computer. In attempting to implement the lattice test, a 
programmer is immediately confronted with the problem of 
expressing the values which exceed the modulus and conse- 
quently exceed the computer's word size. Knuth [Ref. 8] 
has advised that at least 90-bit integer arithmetic is re- 
quired to accurately compute the desired results for moduli 
of the order 2229 Needless to say, this requirement exceeds 
the capacity of existing general purpose computers. One 
known method to alleviate the problem is to acquire a soft- 
ware package which handles unlimited precision computations. 

The computational problems are certainly a hinderance, 
but not insurmountable. It will now be shown that all of 
these problems are a result of the inappropriate formulation 
of the lattice test. By avoiding the over-sophistication of 


the previous development, useful results can be obtained 


Pateiy Simply . 
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Sopetas LATTICE TEST IN A FINITE FIELD 

In Chapter II it was shown that by viewing the generated 
points as elements of a finite field, interesting properties 
of the structure of linear congruential sequences could be 
revealed. The use of the finite field construct was not a 
gimmick to achieve the results of that chapter. It is the 
only rational construct to use in examining these finite, 
periodic sequences. 

All of the computational difficulties with the lattice 
test as described above arise from the decision of the authors 
to treat linear congruential sequences as infinite sequences 
of integers, or worse yet, as the field of real numbers. 

The modulus m (composite) or p (prime) is not an element of 
the field and cannot legitimately be expressed in the field. 
Likewise, the intermediate computations which result in 
values greater than the modulus represent quantities not in 
the field which is to be characterized. 

The same concepts of finite field arithmetic which were 
applied to the individual elements of the field in Chapter II 
are readily extensible to the finite field of vectors ina 
finite n-dimensional space. Arithmetic in a finite vector 
space over a field will be examined and an intuitive develop- 
ment of the lattice test will now be presented. 

Conceptually, an n-dimensional space defined on a finite 
field with p elements contains pb" Gusti iets POliesTor bp" vec- 


tors emanating from the origin (taken to be the vector additive 


oye 





identity (0,0, ..., 0)). Arithmetic defined on these vectors 
possesses the field properties relating to the operations of 
addition and multiplication, that is the properties of clo- 
SMe, maistributivity, commutativity, and the additive and 
multiplicative identities. 

A linear congruential random number generator with primi- 
tive root multiplier and prime modulus produces a periodic 
sequence of (p-l) integers. Although the element zero does 
not appear explicitly, it will be agreed to include it to 
satisfy the requirement of an additive identity for field 
arithmetic. Hence the p elements (0,1,2, ..., p-l) are 
produced in some permuted order. 

The multidimensional properties of a linear congruential 
sequence are derived from considering consecutive n-tuples 
of the generated elements. Although the n-dimensional finite 
vector space defined on a field of p elements contains pb” 
vectors, the set of n-tuples derived from a linear congruen- 
tial sequence contains only p of these vectors, that is, 


the vectors 
({XgeXyr--- eX yt {X7Xgr--- Xt, oeoeoeoyp {Xp eX gree ee Xyigt) 


These p vectors satisfy the additive field property, that is, 
the sum of any two vectors is also a vector in the field. fThe 
additive identity is defined since for any vector, there is 
another vector such that their sum is (p,p,...,p) = (0,0,...,0) 


(mod p). 


So 





The lattice test need only be concerned with the p vec- 
tors generated by the linear congruential sequence regard- 
less of the dimension of the space being considered. The 
optimal hypercube in n-dimensional space will be defined by 
n vectors of the p possible vectors. The lengths of sides 
of the hypercube will be the difference of the vectors 
defining adjacent corners of the hypercube, and by the pro- 
perties of finite field arithmetic,-this vector difference 
will also be one of the p possible vectors. 

The previous development of the lattice test required a 
basis of n linearly independent vectors to span the space. 
This is a requirement only when all p™ vectors are to be 
spanned. Since only oe possible vectors are to be spanned 
in this formulation, only one basic vector is necessary. 

A natural starting basic vector is then Ml Bip oe pe a nee Dice 
It is clear that this vector is one of the p possible vec- 
tors and all other vectors are integral multiples of this 
basic vector. Reduction modulo p is carried out since the 
field operations are defined to be modulo addition and modulo 
multiplication. Problems of overflow are avoided since the 
vector elements never exceed p in magnitude. 

The question of a new lattice test algorithm remains. 
Which integral multiples of the basic vector constitute the 
sides of the smallest n-dimensional hypercube formed by the 
p possible vectors? 

The two dinensional case will be considered. In the 


finite two dimensional space over the prime field of 
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characteristic p, there are p* possible vectors. Given a 
primitive root/prime modulus random number generator 
Keay =a x. (mod p), the full period will consist of a 
permutation of the (p-1) field elements. Again, it will 
be agreed to include the additive identity element Oo. 
Taking successive, overlapping pairs of the elements of the 
linear congruential sequence results in p possible vectors 
in the finite space of p* vectors. Since the integer l 
appears in the sequence, the basic vector will be chosen 
to be (1,a). The order in which the vectors are generated 
is immaterial. By systematically choosing the vectors, the 
lattice spanned by the p vectors can be constructed without 
lengthy search. 

Assuming the primitive root multiplier to be less than 
; , the next vector of interest is the vector (2,2a) = 2({1,a). 
Clearly, this vector is one of the p possible vectors and it 
can also be seen that it is oriented in the same direction as 
(l,a) but with twice the magnitude. Another way to view this 
situation is to treat (l,a) and 2(1,a) as points which lie 
on the same line emanating from the origin (0,0), each point 
maintaining a constant distance from the preceeding point. 

To determine how many points lie on this line it is 
necessary to determine which value Ky causes the quantity 
k,a to exceed the modulus p and consequently be reduced 


1 


(mod p). With ka reduced (mod p), the vector kK, (1,a) (mod p) 
is no longer oriented in the same direction as the vectors 


(Oeceme lA), «2.6, (k,-1) (1,a). The value Ky 1s simply 
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‘p/a where the brackets indicate the greatest integer 
Eunetion. 
Beginning with the point K, (1,a) (mod p) another line is 


formed parallel to the first line consisting of the points 
tk, (1,a), (kK, +1) (1,a), eee (k,-1) (1,a) } (mod p). 


The value Ko is 2p/a . This procedure may be continued for 
successive parallel lines until all p points have been 
covered. 

It is, of course, not necessary to generate all of the 
p points nor is it necessary to determine how many parallel 
lines are contained in the space. To find the shortest 
vector emanating from the origin to one of the parallel lines 
requires at most a computation of the first element of the 
line. This bound is actually much greater than the number 
of computations required in practical situations. Assuming 
that the vector to a point k, (1,a) (mod p) has been computed, 
all starting points ee p) which lie on the same 
line need not be considered since they are parallel to the 
vector and obviously are greater in magnitude. 

Some examples will now be shown to clarify the procedure 


described above. 


Example 1. Keay =a Xs (mods p) ;— 7a.=-3, 0 =s7. 
The basic vector is (1,3). Ky S Ilys Ss. K5 = 3473) =a 


> 3. Only two vectors need be considered. The Euclidean 


42 





length of the vector (1,3) is (10)2/2. 


ae 


The length of the 


weceer (6,1) is (37) . To complete the search for the 


parallelogram with shortest sides, the vector (6,1) - 
= (5,2) 1s computed and its length is (29) 172. 
ratio of the optimal lattice parallelogram is (29 


a Oli 


Example 2. Xeay =a x, (M@GPp) + a= =, pp e— 17, 


Pie basic vector is (1,7). k, = 17/7 = 3, k, = 34/77 


1 2 
k, = 51/7 =8 > 7. The respective lengths are (50) 


3 
(25)172 ana (26)1/2, 


We 


tengehn (25) will be one side of the optimum lattic 


eS) 


The side 
4/427 (19) V2 


= 5, 


Wye 


e 


r 


The vector (3,4) with the smallest 


parallelogram. The distance from (3,4) to (5,1), the next 


smallest, will be computed to determine if it will yield a 


smaller side. Since this length is (13) 174 


lattice parallelogram has side ratio (25 
_ aoe 
Example 3. Keay =a x (moOGp) asa — lo, cul 7p 


neemseromvectar ie (1.16607). k. =) 2- a= 176807 


il 
> 16807. The respective lengths are (282475250) 1/2 


7 2 


II 


and 


, the optimum 


ey ely 


oo 


aol 


127774 


(652138 3917) . The length of the vector (127774,13971) 


to (1.16807) is (16333982425)27°. 


2 


Shortest sides is then (16333982425) -/*,/(282475250) 17 


Z 


The side ratio of the two 


Two interesting results should be noted here. First, 


this generator has less than optimal two dimensional lattice 


characteristics and second, the previously reported results 


for this generator used the ratio 
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= 4.74. 





lee 2162917) ~ ~/(292475250) ~/ - = 7.60 from Marsaglia's 
algorithm. This is evidence of the Marsaglia algorithm 
BEST2 not achieving an optimal basis. 

This chapter has unfortunately stopped tantalizingly 
short of producing an algorithm for use in the many cases 


of interest. The last chapter will outline the course of 


— 


future work in this direction. 
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Vow se LUE Sheena, Leow 


The spectral test for linear congruential random number 
generators is directly related to the lattice test. The 
development of the spectral test comes from an entirely 
different theoretical basis, however. 

The application of the spectral test to linear congruen- 
tial random number generators began with the work of Coveyou 
and Macpherson. Knuth [Ref. 8] published a computational 
algorithm which, as stated in the previous chapter, requires 
90-bit integer arithmetic to achieve accurate results. A 
brief historical outline of the basis and development of the 
spectral test will be given. The test will then be compared 


and contrasted with the lattice test. 


A. HISTORICAL DEVELOPMENT 

The theoretical basis of the spectral test for linear 
congruential sequences is a theorem by H. Weyl in 1916. The 
theorem was concerned with the distribution of sequences of 
deterministic numbers reduced modulo 1. Although the sequences 
to be examined were deterministic in nature, they were also 
assumed to be infinite in length and of infinite precision. 
in representation. 

Assuming an infinite sequence of real numbers, say XyrXy0 
Bees Xyreees on the half-open interval [0,1), select a number 


Wealscomonrthe interval [0,1). lee N,, be the cardinal number 


of the first N values of {X} which are contained in the 
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subinterval [0,Y). The sequence {X} is then said to be 
equidistributed modulo 1 if lim sof ="Y for all values of 
Y. Weyl's theorem extends a definition touan arbrtrary 
number of dimensions. 

A 1963 paper by Franklin [Ref. 6] applied Weyl's theorem 
to sequences of pseudo-random numbers. Franklin was con- 
cerned with the equidistribution of the deterministic se- 
quence Xs = e* (mod ij tomes = I, 2,.865 He -provea thatpenis 
sequence is completely equidistributed for almost all 989 > l 
and further proved that 9 must be a transcendental number. 
Franklin's work was also developed on the basis of infinite 
precision of the values X. (moda) 

Poeeiough they do not cite Franklin's work as a precedent, 
Ahrens and Dieter [Ref. 3] have proposed a FORTRAN implemen- 
tation of a random number generator using real arithmetic 
and the golden section number as a multiplier. This number 
is, of course, irrational but not transcendental. They 
claim the equidistribution properties of this generator are 
derived from the irrationality of the multiplier. 

The Coveyou and Macpherson development was the first 
time that Weyl's theorem was applied to finite, periodic 
sequences of linear congruential generators. Knuth amplified 
the development of the Coveyou and Macpherson test and 


offered a complete algorithm for its implementation. 
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B. THE ALGORITHM 

Weyl's theorem provides necessary and sufficient condi- 
tions for equidistribution of infinite sequences of deter- 
ministic numbers reduced modulo 1. To introduce Weyl's 
theorem, let X,, i= 1,2,... be a sequence of n-tuples, that 


$ = x e * ® © ® . s ® 
Ls; x, ( 0,i! Raa! ; ee where the By all lie 
in the interval [0,1). The X. are n-dimensional vectors in 


the n-dimensional unit hypercube in Euclidean space. 


Weyl's Theorem. ~ The sequence of points X1+X5p an, wes 


equidistributed modulo 1 if and only if 


iE | 
5 z exp ( 2m (qgXq 5 + GX) 5 + ..e+ Se ee = 0 
pre © jal 
for all vectors (4) Tyrese G_y) with integer elements not 


all zero. 

The proof of this theorem is rather lengthy and will not 
be repeated here. Coveyou and Macpherson [Ref. 5] applied 
this theorem to the case of linear congruential random number 
generators and provided computational details for an algorithm. 
mueh so development [Ref. 8] of the algorithm will be 
outlined. 

To begin, the spectral test is only applicable to full 


period generators, that is, properly formulated mixed 


tsansson, Birger, Random Number Generators, p. 156, 


Amlquist and Wiksell, StockhoIm, 1966. 
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congruential generators with composite modulus or primitive 
root/prime modulus generators. Although Knuth treated the 
mixed congruential case, the primitive root/prime modulus 
case will be substituted in this brief outline. 

Let the random number generator be Xi4, 7 aX; (mod p). 


The finite Fourier transform of this sequence is then 





-]i ; 
ak P =e 
£(SjrSore+-7S,) = —— exp (— = (s,X, +S5X, .,+---+S,X,,,_4)) 
pas sat 
== z exp 27% (s (a) X,)) 
where 
s(a) = Si + sja + ; sa" 


Since all values of k appear in the sequence and their order 
is immaterial, the following may be substituted: 
a 


r exp ( 
=0 


p a ‘ 
271 S(a)k). 





Olt 


Mise, Sa... Ss.) = 
ae 2 n k 


Noting that this represents the sum of a geometric series, 


the basis formula is 


E(S)1S5r-++7Sy) = §(s(a)/p) (15) 


where 6(X) = 1 if X is integer and 0 otherwise. 
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Application of discrete probability theory yields the 
result that the joint probability of any n-tuple (X,, Keays 
veer My) is 1/p" hence the value SUE Epona Sa) ie 
may be interpreted physically as the amplitude of the 
n-dimensional complex plane wave 


_ Zee 
w(ti,t5,---,t,) a S268) MS ego c Cateye 1) 


A wave number may assigned to this plane wave corresponding 
to the frequency of the wave. The wave number is 


_ 2 2 Qe 2 
v= (sy +S5 +...+S, ) 


£Or Sy. p/2Ze 
In a truly random sequence no waves should be present 

except a constant wave of frequence zero. Any generator 
which produces a swquence whose transform yields nonzero 
frequencies can be considered to be nonrandom. To summarize 
the spectral test Knuth- states: 

pet ie is the smallest nonzero value of the 

wave number ... for which £(S)1Sor-++7S,) ~ 0 

in a linear congruential sequence with maximum 

period, then the sequence X)/m,X,/M,X,/M,... 

represents a sequence of random numbers uniformly 


distributed between 0 and 1, having ‘accuracy’ 





Z 


Knuth, D.E., The Art of Computer Programming, Volume 2: 
Seminumerical Algorithms, p. 85, Addison-Wesley, N.Y., 1969. 
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Ge GEuicatton error: PT with respect to 
the independence of n consecutive values of 
the sequence averaged over the entire period." 
Equation (1) represents the spectrum of the linear con- 
gruential sequence. It can be seen from (1) that 
£(s,,d5,-++7S,) = 0 except when 
Dik 


s(a) = S45 + Soa enacts S 2 =e minoad so) 


in this case £(S)1Sor-++7S,) = 1. Again directly quoting 
Knuth>: 
",...for linear congruential ‘sequences of 


maximum period, the smallest nonzero wave 


number in the spectrum is given by 


ee: 2 2 2,1/2 
v5 min (Ss) + S.5 + ...+ Ss, ) 


where the minimum is taken over all n-tuples of 


integers (S)1Sor-+-7S8,) satisfying (2)." 


Knuth then proceeds to develop an elaborate computational 
scheme to implement the spectral test. As with the lattice 
test algorithm of Ahrens and Dieter, the test algorithm is 
formulated in terms of the solution to a positive definite 


quadratic form. To find the minimum value of the wave 


Ibid., p. 85. 
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number (cn - S50 + ...+ 5. ye such that 


n-1 


S (a) - Soa +t... + Sia = 0 (mod p) the problem may 


be reformulated as: 
find the minimum value of the quantity 
Z Z 


s_.)° + + S,ta_,S,+...ta__s_) 


1. 
fin n Sai coal ene 2 Ane a 


cemtoy 12°2°° °° 
This results in the positive definite quadratic form 


(SyrSoreee eS)! A (Sy) +SoreeerS)) 
where (Sj rSor--erS,) is a column vector, not all zero, and 


A is any nonsingular matrix of coefficients. 


Tecate orECTRAL TEST IN A FINITE FIELD 

The computational algorithm for the spectral test is 
somewhat more involved than the algorithm for the lattice 
test. Knuth's algorithm, however, is very carefully written 
and can very easily be implemented assuming the availability 
of multiple-precision arithmetic subroutines. 

In view of the finite field approach of this thesis, the 
basic assumptions of the spectral test appear entirely in- 
appropriate. To begin, consider the discrete probabilistic 
basis of the spectral test. In one dimension, the probability 
measure assigned to each element is correctly 1/p. However, 
in higher dimensions, the probability measure for each n-tuple 


in the space is taken to be l/p. Since Only p distinec 


aye 





n-tuples are generated by a linear congruential generator, 
the correct measure should be still 1/p. This point is more 
clearly seen when it is recalled that all n-tuples generated 
by a primitive root/prime modulus generator in finite dimen- 
Sional space are integral multiples of the basic vector 
Beere-....,a -). That is, the set of all possible n-tuples 


is 
eicinaas ee ana) cmadnc eae ee aT 


Similarly, the theoretical basis of the spectral test is 
the finite Fourier transform defined only in the complex 
field. When viewing the sequence generated by the primitive 
root/prime modulus random number generator as a finite field, 
a more appropriate transform is available, specifically the 
number theoretic transforms as developed by Rader [Ref. 12], 
Agarwal and Burris [Ref. 1], and Pollard [Ref. ll]. The 
finite Fourier transform has been used since in the complex 
field a primitive root of unity exists, namely exp(2Tik). 

In finite fields, any primitive root of the prime modulus is 
a primitive root of unity and consequently a transform (gen- 
erating function) is defined. For the case of primitive 
root/prime modulus generators, the spectral test may be more 
appropriately defined in terms of these transforms. 

As in the lattice test, only p possible n-tuples can 
be generated, hence the search for the minimum value of the 


Z 2 Zee 


+ s Teecee see eS 
wave number (Sy) 9 _ ) 


such that 
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s(a) = Sy + Sa te des aie = 0 (mod p) becomes impossible. 


The following theorem demonstrates this fact. 


Theorem 9: For the primitive root/prime modulus random 
number generator Xen =a Xs (mod p) no solution. to the 
basic congruence 


s(a) = Sy + sa eee: sa" = 0 (mod p) 


exists in the finite field of characteristic p. 


PpeeOr: | Referring to the development of finite fields in 
Chapter II and Chapter IV, Section C, the only possible 
wave in the spectrum of the primitive root/prime modulus 
random generator must be of the form k(1,a,...,a° ~) (mod p) 
Boiesome integer k such that 0 < k < p-l.  Sincé p is prime, 
it has no integral divisors, hence (ia ee ie must be 


congruent to 0 modulo p. This cannot happen for any n such 


Siaew0eceme< Pol.) Let n= 1, then 
(l+a) = 0 (mod p) 
since this implies that a = p-l or a = -1 in primitive mark 


notation and +l are not, by definition, primitive roots of 


any prime p > 2. Let n = p-l, then 


3 





oa 
y» a 
=0 


2. 


ier a HS... + aP- 1) oa 1 - aP/i-a 


ae 


1 - a/l-a 


I 205 (mode). 


bee 1 <n < p-l, then 


hi) .. 
@erea + ...ta°) = = a* = l=a flea 7 0) (mod =.) 
1=0 


Since for this to be congruent to 0 would imply that a® = 1 


mate contradicts the primitivity of a for which p-1 is the 


smallest positive integer such that aP-t = J (mod ©) 2 een -p- 


The spectral test, when considered as a special case of 
the lattice test, is still useful when characterizing linear 
congruential sequences. Unfortunately, the formulation of 
the test is, at best, shakey. In simpler terms, the spec- 
tral test is designed to determine the minimum Euclidean 
distance between consecutive hyperplanes containing points 
of the generated sequence. In contrast to the lattice test, 
only the shortest side of the hypercube is of interest, rather 
than the ratio of longest to shortest side. The spectral 
test may be most simply restated for primitive root/prime 
modulus random number generatros as: 


find the minimum value of 
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wo = k(1~ + at & ... + a> ™52)) oa 5) 
Gver all k such that 0 < k < p-l. 

As in Chapter IV on the lattice test, this chapter will 
stop painfully short of producing a general purpose algorithm 


for a new spectral test. As the conclusions will reiterate, 


future work will most certainly produce such an algorithm. 
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VI. CONCLUSIONS 


The development of primitive root/prime modulus sequences 
as finite fields has opened an entirely new perspective on 
the characterization of congruential random number generators. 
The results established in the proceeding chapters have been 
confined to the class of primitive root/prime modulus genera- 
tors but it is felt that the results are readily extendible 
to mixed generators with composite moduli. 

The lattice test and spectral test have been shown to be 
equivalent in their power to characterize sequences, the 
choice of one test over the other is merely a matter of 
waste. While the theoretical, geometric, and intuitive 
appeal of both tests are appealing, their implementation has 
suffered from over-sophistication. The sparse results pre- 
sented here were worked out by hand calculator. Several 
Other generators have also been examined by hand and the 
results agree with published lattice test results. Some 
cases of published results did not work out as simply since 
the multipliers were greater than the square root of the 
modulus and the multiplicative inverses, which would have 
produced the correct results, were too difficult to find. 

Further development of the results presented here will 
lead to criteria for selecting multipliers which will produce 
nearly optimal properties of the sequence as characterized 


by the lattice and spectral tests. 
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The lattice and spectral test algorithms can be rede- 
veloped completely based on finite field properties. The 
implementation of such algorithms will be quite natural for 
digital computers since all arithmetic on digital computers 
is necessarily confined to finite field arithmetic due to 
the finite capacity of the registers. ("Real arithmetic", 
or floating point, is confined to a finite set of the 
Eatwonals . ) 

The implications of the results presented here are far- 


reaching. On-going research should bring them to fruition. 
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